Over the last few years I have read a couple of times the request to include the option to encrypt your /home or even / while installing. I would like to ask once more if that would be something others would be interested in.
I have 3 notebooks, all with aptosid installed and I would be very happy about such an option.

Encrypting /home only isn't very secure as information will likely leak into /tmp and swap (at least) so I don't think it's appropriate to add this as a feature to the installer.

However, if you really want to only encrypt /home you can just do a simple install to one partition, set up an encrypted partition (luksFormat, luksOpen and mkfs, the manual page linked can help with these) and then add it to /etc/crypttab and /etc/fstab.

se7en

Posted: 12.06.2011, 14:30

Joined: 2010-09-11
Posts: 164

Thanks bluewater,
John Cleese kicks ass and brings the message better across than the avatar before that gave slam almost a legal heart attack.

Anyway, thanks for the information. I think I saw the tick box in Ubuntu, but then again you see many things that do not make sense on Ubuntu.

Didn't know that crypt has trouble with big drives. I guess the notebooks where crypt makes sense are hitting the 1TB mark now, so crypt has a year or two to work on the problem.
I also cannot imagine how long it must take to prepare a 2TB drive for encryption; your hardware might be out of date before you can start.

Regarding crypt stuff: The manual has been updated online on manual.aptosid.com over the last day or so and should enter the aptosid repo sometime in the next 3 days.

While I may say 'crypt stuff is not likely to be a check box', I am not going to say 'never say never' either.

Aside from that, there are a stack of issues brewing for booting 2TB disks, which are becoming common.

Trevor

Adding encryption support to the installer would be a nice touch, perhaps adding it to an advanced installation options tab or section.

You'd need GPT support for booting from disks that size, and the tools for GPT are not quite stable enough for production use yet and are still experimental.

bfree

Posted: 12.06.2011, 19:48

Team Member

Joined: 2010-08-26
Posts: 267

The installer has encryption support already as described in the manual: you "just" need to set up, open and format the encrypted device manually outside the installer, but it will recognise that you have chosen an encrypted root partition and configure things so it will boot ok.

Making the installer handle encrypting partitions though means complicating things a lot with respect to how it currently works. Right now the installer expects you to handle partitioning first so it can find the filesystems to offer you for your root (and other) partitions and it does this by simply letting you run a partitioning tool.

None of the partitioning tools (that I know of) will handle configuring a partition for encryption, so you would need another stage to go between partitioning and choosing your install targets which would let you pick partitions to encrypt and what type of filesystem to place inside them. Then to do things sanely this would also want to allow you to set up lvm inside the encrypted container partition (e.g. so you can have your swap encrypted without requiring a second password prompt on boot). So really adding some sort of nice interface for setting up encryption as part of the installer would first/also mean adding fancier lvm support.

Attempting to do this sort of thing in the installer is likely to complicate it considerably and so far nobody (that I know of) has attempted to take that job on to try and come up with anything sane that doesn't make the installer more fragile or less friendly to most users. The usual "patches welcome" applies however I'd warn anyone contemplating it that unless you can come up with a neat and foolproof concept such patches are unlikely to be accepted. Imagine the anger if "just ticking the box" leads to people destroying data either because they get confused or because of bugs in the code.

As for GPT support the installer will already work with a GPT disk transparently if you use lvm. I've actually been working today on adding support for normal partitions on a GPT disk to the installer and think I have a sane patch.

UEFI though is a bigger mess and if you want to boot from a partition which crosses the 2TB barrier on a disk a plain bios won't cut it (afaict). As long as you keep the boot partition before the 2TB barrier though I think you can use a regular bios to boot your system (3TB disks being too expensive still for me to have bought one just for the hell of it to test such things, I did go out of my way to get a UEFI board though for my new system).

GPT+UEFI+>2TB disks though have nothing to do with encryption. There are just likely to be people willing to work on adding support for that though before anyone is likely to think again about adding further encryption or lvm support to the installer. There are only so many people who actually work on these things and as volunteers they primarily "scratch their own itches" so it's no surprise to me that nobody has yet tried to add layers of complexity to the installer to make encrypted installs even easier. I was testing encrypted installs in a vm yesterday and it took me under 5 minutes to boot, set it up, install and reboot into a working system so I've personally no itch to scratch there.

DeepDayze

Posted: 12.06.2011, 20:14

Joined: 2010-09-11
Posts: 616
Location: USA

bfree, it would be nice if the partitioner part could have support for creating encrypted partitions from the get go, such as having an option like "Encrypt this partition" when you select "Format To" when selecting a partition.

Let us know how the GPT and UEFI stuff goes so in future releases we can easily install Aptosid on such boards and drives.

bfree

Posted: 12.06.2011, 22:23

Team Member

Joined: 2010-08-26
Posts: 267

DeepDayze wrote:

bfree, it would be nice if the partitioner part could have support for creating encrypted partitions from the get go, such as having an option like "Encrypt this partition" when you select "Format To" when selecting a partition.

I addressed this in my prior post but I guess I'll go through it some more and spell it out a little further.

First off "the partitioner part" to me means the external partitioning tools (e.g. gparted and cfdisk), none of which have any support for encryption.

But I'll assume you mean the full tab in the installer which deals with launching partitioning tools, choosing your root partition (and its format) and the mountpoints for other partitions.

If you want an encrypted root partition then you will also need an unencrypted boot partition, so enabling the mythical option you talk of would also need to force you to choose a suitable boot partition (or confirm you plan to have an unbootable machine and arrange some other way to boot it).

If you want an encrypted partition and plan to use swap then you will also want that encrypted, and if you don't want to have to enter two passwords during boot then this will mean that you will probably want to use lvm on an encrypted device. This means that the mythical option will need to check if there is any swap and either confirm that it should be encrypted (including getting a password) or issue dire warnings about having unencrypted swap. The final option here for the mythical option would be that the installer should have to offer to set up an lvm volume group inside the chosen partition and then split that up into your swap and root filesystems (including setting their sizes and filesystems). At this point you are then choosing to use as your root partition a logical volume inside the volume group you created inside the partition you initially selected as your root partition. Hopefully just trying to understand the last sentence will help people understand how this just doesn't fit into the current framework.

Now you also only choose anything related to formatting for the root partition, so none of this will let anyone do anything like just encrypting /home (which I personally think is silly anyway, you're bound to want at least swap also encrypted). If options like the mythical one are added to all the partitions then there's extra potential to destroy existing data along with extra scope for people managing to find bugs which could do even more damage.

In summary this means a major invasive rewrite of the installer (gui), complicating it significantly, adding lots of potentially confusing options and opening up plenty more chances for something to go wrong destroying people's data. It's far more realistic to leave the installer as it is now and perhaps work on trying to improve the manual to help explain things more clearly (at least until someone gets the undying urge to rework the installer to add lvm support).

DeepDayze wrote:

Let us know how the GPT and UEFI stuff goes so in future releases we can easily install Aptosid on such boards and drives.

As I mentioned, GPT works with lvm already and who knows it might work with normal partitions for the next release.

Most boards with a real UEFI (i.e. not apple though they will probably work with bootcamp or refit or something) will support bios/legacy booting which will let you also install aptosid just fine already as long as you don't try to put the boot partition somewhere that crosses the 2TB barrier.
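The hand-built procedure from the manual (luksFormat, luksOpen, mkfs, then entries in /etc/crypttab and /etc/fstab) together with the layout rules bfree spells out above, as an added shell example that is not part of this thread or of the aptosid installer; the device names and the UUID are constructed placeholders:

```shell
#!/bin/sh
# Added example, not aptosid installer code: lint a planned layout against the
# constraints described in this thread, then emit the crypttab/fstab lines that
# follow luksFormat/luksOpen/mkfs. Device names and UUIDs are constructed.
# Layout format, one partition per line:
#   "<device> <mountpoint|swap> <fstype> <encrypted yes|no>"

GOOD_LAYOUT='/dev/sda1 /boot ext4 no
/dev/sda2 / ext4 yes
/dev/sda3 swap swap yes'

# Encrypted / with no plaintext /boot and plaintext swap: both problems bfree names.
BAD_LAYOUT='/dev/sda1 / ext4 yes
/dev/sda2 swap swap no'

# check_layout: returns 0 when the layout is bootable and leak-free, 1 otherwise
# (reasons go to stderr).
check_layout() {
    status=0
    root_enc=$(printf '%s\n' "$1" | awk '$2=="/"     {print $4}')
    boot_enc=$(printf '%s\n' "$1" | awk '$2=="/boot" {print $4}')
    swap_enc=$(printf '%s\n' "$1" | awk '$2=="swap"  {print $4}')
    [ -n "$root_enc" ] || { echo "no root (/) partition" >&2; return 1; }
    if [ "$root_enc" = yes ]; then
        # the bootloader has to read kernel and initrd from plaintext
        [ "$boot_enc" = no ] || { echo "encrypted / needs a separate unencrypted /boot" >&2; status=1; }
        # memory paged out of processes on the encrypted root lands in swap
        [ "$swap_enc" != no ] || { echo "unencrypted swap leaks data from /" >&2; status=1; }
    fi
    return $status
}

# crypttab_entry: passphrase-unlocked LUKS container (no key file, "luks" option).
crypttab_entry() { printf '%s UUID=%s none luks\n' "$1" "$2"; }   # $1 mapper name, $2 UUID

# fstab_entry: filesystem inside the opened container, addressed via /dev/mapper.
fstab_entry() {   # $1 mapper name, $2 mountpoint|swap, $3 fstype
    if [ "$2" = swap ]; then
        printf '/dev/mapper/%s none swap sw 0 0\n' "$1"
    else
        [ "$2" = / ] && pass=1 || pass=2   # fsck order: root first, others second
        printf '/dev/mapper/%s %s %s defaults 0 %s\n' "$1" "$2" "$3" "$pass"
    fi
}

if check_layout "$GOOD_LAYOUT"; then
    crypttab_entry cryptroot 0123abcd-0000-4000-8000-000000000001   # constructed UUID
    fstab_entry cryptroot / ext4
    fstab_entry cryptswap swap swap
fi
check_layout "$BAD_LAYOUT" || echo "bad layout rejected"
```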

se7en

Posted: 13.06.2011, 01:57

Joined: 2010-09-11
Posts: 164

First of all, thank you for the detailed information, especially from bfree.
I understand the technical difficulties now a lot better.
For the stability of the installer, yes of course you want to make sure it is safe to use and does not wipe out all the data.
As for the installer gui, I understand that things should be kept clean and easy to understand; that is why I would use an advanced/encrypt option which is only editable if the user chooses to do so.
I don't know if that is possible, how much work would be involved and how safe that would be.

I think the Ubuntu installer only had the option for /home/ and I haven't checked if they have that option, which I understand is not safe at all.
Windows has its BitLocker, not sure about Mac.